Safaricom Foils Attempted Cyber Attack on M-Pesa Platform

Kenyan operator Safaricom has said that hackers have attempted to intercept its system with the intention of gaining access to customer funds on its mobile money transfer platform, M-Pesa.

The operator termed the breach as an elaborate cyber crime fraud attempt. Safaricom CEO Bob Collymore said the firm’s risk management unit detected the intrusion and immediately escalated the incident to the security agencies.

Collymore sought to assure customers that there was no cause for worry, as no money had been lost.

He said the matter is being treated with the seriousness it deserves, with the suspects due to be arraigned in court. He gave no further details of the incident, owing to the sensitivity of the matter.

One method used by the hackers was a SIM swap that gives the fraudster access to a customer’s card. In the reported case, they managed to access KES 266,000 from one customer. Safaricom said the funds were refunded once the breach was detected.

M-Pesa is the largest mobile money transfer system in the country and has also been linked to several banks. Safaricom has partnered with the KCB Group and the Commercial Bank of Africa (CBA) to create mobile accounts that enable customers to deposit, transfer and request loans.

In March, authorities discovered a cybercrime syndicated that had infiltrated the Kenya Revenue Authority (KRA), several blue chip companies as well as a supermarket chain. In the case of KRA, some KES 4 billion was said to be at risk from the cyber attack.

Collymore said the firm routinely and proactively implements preventative and detective controls around its information security on all its platforms.